CVE-2022-45421Out-of-bounds Write in Mozilla Firefox

CWE-787Out-of-bounds WriteCWE-120Classic Buffer Overflow13 documents8 sources
Severity
8.8HIGHNVD
OSV8.1OSV6.5
EPSS
0.3%
top 50.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxMozilla Firefox ESRMozilla Thunderbird
Timeline
PublishedDec 22
Latest updateFeb 6

Description

Mozilla developers Andrew McCreight and Gabriele Svelto reported memory safety bugs present in Thunderbird 102.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages9 packages

CVEListV5mozilla/firefoxunspecified107
NVDmozilla/firefox< 107.0
CVEListV5mozilla/firefox_esrunspecified102.5
CVEListV5mozilla/thunderbirdunspecified102.5
NVDmozilla/firefox_esr< 102.5

🔴Vulnerability Details

5
OSV
thunderbird vulnerabilities2023-02-06
GHSA
GHSA-gf6p-963f-gv5h: Mozilla developers Andrew McCreight and Gabriele Svelto reported memory safety bugs present in Thunderbird 1022022-12-22
CVEList
CVE-2022-45421: Mozilla developers Andrew McCreight and Gabriele Svelto reported memory safety bugs present in Thunderbird 1022022-12-22
OSV
CVE-2022-45421: Mozilla developers Andrew McCreight and Gabriele Svelto reported memory safety bugs present in Thunderbird 1022022-12-22
OSV
firefox vulnerabilities2022-11-16

📋Vendor Advisories

7
Ubuntu
Thunderbird vulnerabilities2023-02-06
Ubuntu
Firefox vulnerabilities2022-11-16
Red Hat
Mozilla: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.52022-11-15
Debian
CVE-2022-45421: firefox - Mozilla developers Andrew McCreight and Gabriele Svelto reported memory safety b...2022
Mozilla
Mozilla Foundation Security Advisory 2022-47: CVE-2022-45421
CVE-2022-45421 — Out-of-bounds Write in Mozilla Firefox | cvebase